Added hit testing on scrollbars, so if you start a gesture over a scrollbar,
it isn't counted, and lets the user drag the scrollbar itself instead of a
panning gesture. Also cleaned up code in gesture.

Added the ability to do scrollbar hit testing in EventHandler, changed the
signature of a PlatformWheelEvent constructor, and changed scrollbarUnderMouse
to scrollbarUnderPoint, and updated all calls to that function.

Changed scrollWidth and scrollHeight to use the same logic for
visible overflow boxes that is used for clipped overflow boxes. In
particular, borders are not included and
{leftmost,rightmost,lowest}Position() are used. This logic matches IE8.

The flag should always default to true to avoid it getting set
to false in a build with accelerated compositing turned off
and then disabling accelerated compositing when subsequently
running a build with it turned on.

For the final step of ​https://bugs.webkit.org/show_bug.cgi?id=25376,
combine LocalStorage and SessionStorage into StorageNamespace. The
synching code (for LocalStorage) has already been removed, so these
classes are now very similar. All they do is essentially contain a
logical grouping of origins that are attached to specific contexts
(be it PageGroups for LocalStorage and Page for SessionStorage).

<rdar://problem/7011047> Profiler shows the record button 'on' even
though it's finished

I consolidated the creation of the user initiated profile name into
its own function and then called it from console::profile instead of
calling startUserInitiatedProfiling(). This way we don't call
toggleRecordButton() which turns on the record button.

bindings/v8/custom/V8WorkerCustom.cpp:
(WebCore::CALLBACK_FUNC_DECL):
Remove the check that prevented workers from being created w/o a command-line switch.
The flag itself and methods will be removed in a subsequent patch, after
corresponding change in Chromium.

When we disabled content sniffing for file urls we lost knowledge of many file extensions that we
didn't intend to lose. Turns out the CoreTypes UTI database doesn't know about every extension Gatekeeper
knew about.

By comparing CoreTypes' database to Gatekeepers, this patch adds a hardcoded list of file extension to MIME
type mappings that are missing in CoreType's database.

platform/network/mac/ResourceResponseMac.mm:
(WebCore::ResourceResponse::platformLazyInit): _webcore_MIMEType -> MIMEType, as we now have only one place
where we do all MIMEType correction.

platform/network/mac/WebCoreURLResponse.h: Remove _webcore_MIMEType, as it is now folded into the swizzled
implementation of MIMEType.

platform/network/mac/WebCoreURLResponse.mm:
(createBinaryExtensionsSet):
(createExtensionToMIMETypeMap):
(swizzleMIMETypeMethodIfNecessary):
(webNSURLResponseMIMEType): If it's a file URL and there's no MIME type, see if the extension exists in the
extension -> MIME type map before turning to the default MIME type. Also roll in what was previously
implemented in _webcore_MIMEType.

svg/graphics/SVGImage.cpp:
(WebCore::SVGImage::~SVGImage): Tweak this ASSERT - SVGImages might get destroyed without ever having a client.

Scripts/build-dumprendertree: Updated to use
buildXCodeProject() when building for isAppleMacWebKit(). This
provides additional command-line switch parsing for free. Also
added --clean and --help switches. Updated copyright.

Keep track of whether the typing style should be preserved after the TypingCommand is applied. When adding onto an open
typing command, keep that flag up to date.

In this case, an InsertParagraphSeparatorInQuotedContent command, which should not preserve typing style,
was following an open Delete command, which does preserve the typing style. So we were applying the original
typing style (from before the delete, so blue text) to the cursor in the unquoted area after breaking up the blockquote.

When in view-source mode, render the contents using HTMLViewSourceDocument
regardless it's applicable for any plugin or not.

Chromium tells WebCore to render the contents of specified URL when
view-source: prefix is added to the URL. But currently, DOMImplementation
ignores inViewSourceMode() when the MIME type is indicating that the contents
are neither texts nor HTML family documents.

For example, we can check the contents of asf file without launching media
player. Rendering contents for view-source:-specified input is not what user
expects.

When in view-source mode, render the contents using HTMLViewSourceDocument
regardless it's applicable for any plugin or not.

Chromium tells WebCore to render the contents of specified URL when
view-source: prefix is added to the URL. But currently, DOMImplementation
ignores inViewSourceMode() when the MIME type is indicating that the contents
are neither texts nor HTML family documents.

For example, we can check the contents of asf file without launching media
player. Rendering contents for view-source:-specified input is not what user
expects.

Add an additional test for bug 23786 (mistreatment of CR/LF
as zero-width characters in Chromium port). Tests using Bidi text were
added when the fix was checked in. Without the patch, Chromium used
to fail the same way with LTR complex scripts as well. (that is,
CR and LF were treated as zero-width space). To prevent a potential
regression in the future, a new test with Hindi (a LTR complex script)
is added.

The expected results for Mac and Windows are added while this test
is added to Skipped file for gtk. I guess this test just needs
a new test result generated on gtk.

Add highlight functionality to the QWebPage::findText() method. Introduced is
new HighlightAllOccurrences flag which passed to the function will make it mark
all existing occurrences of specified string in the page.

Preference is named "WebKitAcceleratedCompositingEnabled"
and is a boolean value. When false, prevents compositing layers from
being created, which prevents hardware animation from running.
Also forces video to do software rendering. Added a cache for
the flag in RenderLayerCompositing and made it all work
on-the-fly when the flag is changed while a page is loaded.

bindings/v8/V8Index.cpp: Added.
(WebCore::V8ClassIndex::GetFactory): Moved from src.chromium.org.
(WebCore::V8ClassIndex::GetCache): Moved from src.chromium.org.

bindings/v8/V8Index.h:
(WebCore::V8ClassIndex::): Moved from src.chromium.org.
(WebCore::V8ClassIndex::ToInt): Moved from src.chromium.org.
(WebCore::V8ClassIndex::FromInt): Moved from src.chromium.org.

This is hopefully the last step before our renderers can run
cleanly in a chroot.

WebKit needs to be able to ask for the correct font to use in
the case that the current font doesn't include glyphs for
certain code points. Currently we make a fontconfig call in our
WebKit port to handle this.

This patch changes this so that the call is sent our via
ChromiumBridge.

Add support to associate a sourceURL with an eval()'d string
via a @sourceURL comment. Currently the sourceURL is only available
in the script debugger, not in the console or profiler, but it's
most needed in the script debugger.

English.lproj/localizedStrings.js: added new "(program): %s" string

inspector/front-end/Script.js:
(WebInspector.Script): if no sourceURL is available for the Script,
search for a comment of the form @ sourceURL=(url) to use
as the sourceURL instead.

When a "style sheet candidate" element is removed from a document,
call Document::removeStyleSheetCandidateNode() regardless of whether
the document is rendered. Otherwise, the document's style sheet
candidate set can end up containing stale references.

The ASSERTs fired because we tested PropertySlot::slotBase() for validity,
but slotBase() ASSERTs if it's invalid, so we would ASSERT before
the test could happen. Solution: Remove the ASSERT. Maybe it was valid
once, but it clearly goes against a pattern we've deployed of late.

The underlying problem was that WebCore would re-use a PropertySlot in
the case of a forwarding access, and the second use would not completely
overwrite the first use. Solution: Make sure to overwrite m_offset when
setting a value on a PropertySlot. (Other values already get implicitly
overwritten during reuse.)

When we receive shortcut events like Ctrl+V then the text in the QKeyEvent is
empty. If we're asked to disambiguate the event into a Char keyboard event,
we try to detect this situation and still set the text, to ensure that the
general event handling sends a key press event after this disambiguation.

Internet Explorer shows historical documentation of supporting
getData('File') as a way of exposing files on the pasteboard. The current version of their docs:​http://msdn.microsoft.com/en-us/library/ms537658(VS.85).aspx
has removed this reference (as far as I can tell IE never implemented it)
I have a printed copy of that URL from 2008 on my desk describing getData('File') in IE.
IE does not follow the HTML5 clipboard security model and always allows access to the full clipboard, even on dragover.

I choose not to use IE's getData('File') and instead added .files
so that the accessor could have a type, matching WebKit's existing
.files accessor on HTMLInputElement.

This is only implemented for Mac WebKit. All other platforms (including Apple's Win WebKit)
have incomplete Clipboard implementations and will require experts from those platforms
to add this functionality. Right now they all have Clipboard*::files() methods which call notImplemented();

I did not update svn-unapply, because it makes no sense in a Git world.
You don't roll in and out patch files. You make commits and deal with those.
Git users can just git reset --hard to get the same functionality.

inspector/front-end/ProfileView.js:
(WebInspector.ProfileView.prototype.refresh):
Here and in other functions: nodes we're searching in are profile data grid
nodes, so there is no more need for '_dataGridNode' references.
(WebInspector.ProfileView.prototype.searchCanceled):
(WebInspector.ProfileView.prototype.performSearch.matchesQuery):
Fixed accidental semicolon that caused 'matchesQuery' always return true.
(WebInspector.ProfileView.prototype.performSearch):
To perform search correctly in the case of bottom up tree, we need to populate
the tree, because there's no 1-to-1 correspondence between profile nodes and
data grid nodes in this case.
(WebInspector.ProfileView.prototype._jumpToSearchResult):

Fix flashing issues caused by compositing layers rendering content before
a deferred layout has happened. Because the -viewWillDraw machinery doesn't
work for composited layers, we need to use scheduleViewUpdate() to queue
up a layout via the run loop observer in WebKit, whenever we know we
are going to be painting soon.

Split the syncing portions of LocalStorageArea into StorageAreaSync.
This name will make more sense in the next patch (in this set) when
LocalStorageArea and SessionStorageArea are merged to become simply
StorageArea. (Thus the synching portion of StorageArea is in
StorageAreaSync.)

This looks like a big patch, but really all it's doing is splitting
code and patching split-related things up.

The problem was caused by the page returned with a function using a
var declaration list containing around ~3000 variables. The solution
to this is to flatten the comma expression representation and make
codegen comma expressions and initializer lists iterative rather than
recursive.

Fix for ​https://bugs.webkit.org/show_bug.cgi?id=26200 which I introduced earlier. I had
the smartReplace set TRUE initially, which was wrong since the purpose of this call is
to just replace the selection, and place the caret at the end of the selection it replaced.

The BytecodeGenerator objects were instantiated on stack, which takes up ~38kB per instance
(each instance includes copy of JSC::CodeBlock with large SymbolTable, etc.).
Specifically, since there is nested invocation (e.g., GlobalCode --> FunctionCode),
the stack overflows immediately on Symbian hardware (max. 80 kB).
Proposed change allocates generator objects on heap.
Performance impact (if any) should be negligible and change is proposed as general fix,
rather than ifdef'd for SYMBIAN.

Bit off a tiny bit more of standardizing opcode behavior to help with result
caching -- including removing my old enemy, op_resolve_function, because
it was non-standard, and removing it felt better than helping it limp along.

In r42597 (​https://bugs.webkit.org/show_bug.cgi?id=25244), I changed
the <select> handing for Chromium to fix a rendering bug. However,
although the font-size is correctly ignored, getRowHeight wasn't
updated and so was calculating the height of the rows in an
inconsistent manner. This can lead to a crash.

This makes it easier to handle errors in a standard way throughout all the code.
Since this new code raises by default when the exit_code != 0,
we should prevent future problems of bugzilla-tool continuing after
a git or svn command failed.

<rdar://problem/6950660> REGRESSION: iSale 5.5.3 crashes after I click a template to load

Due to some subtle WebKit changes - presumably some delegate callback behavior - a latent bug in
iSale was uncovered where they aren't properly retaining their FrameLoadDelegate, and we ended up
calling back to a dealloc'ed object.

WebView/WebView.mm:
(-[WebView _needsAdobeFrameReloadingQuirk]): Use more intelligent C++-style initialization.
(-[WebView _needsKeyboardEventDisambiguationQuirks]): Ditto.
(-[WebView _needsFrameLoadDelegateRetainQuirk]): YES for iSale versions under 5.6
(-[WebView dealloc]): Release the delegate if the quirk is in effect.
(-[WebView setFrameLoadDelegate:]): Retain the new delegate if the quirk is in effect.

page/mac/EventHandlerMac.mm:
(WebCore::EventHandler::passMouseDownEventToWidget): Surround the
-mouseDown: call with calls to Widget::beforeMouseDown() and
Widget::afterMouseDown(), which prevent the widget's view hierarchy from
being removed from its parent view while the scroller is tracking the
mouse.

Undo the changeset 21212 to fix the regression bug 14062.
The changeset 21212 attempted to fix rdar://problem/5002441.
The changeset 21212 modified InsertTextCommand::input so as to convert
all spaces in text to non-breaking spaces for rdar://problem/5002441.
However, the bug was originally caused by rebalanceWhitespaceAt
and this workaround introduced a regression bug 14062.
Because rebalanceWhitespaceAt appears to behave correctly now,
the workaround introduced in 21212 is no longer needed.

Undo the changeset 21212 to fix the regression bug 14062.
The changeset 21212 attempted to fix rdar://problem/5002441.
The changeset 21212 modified InsertTextCommand::input so as to convert
all spaces in text to non-breaking spaces for rdar://problem/5002441.
However, the bug was originally caused by rebalanceWhitespaceAt
and this workaround introduced a regression bug 14062.
Because rebalanceWhitespaceAt appears to behave correctly now,
the workaround introduced in 21212 is no longer needed.

The following test cases are affected by this change.
This patch removes unappropriate non-breaking spaces (&nbsp;) and
inserts normal spaces instead.

Add logic to CSSStyleDeclaration::diff to deal with font-sizes that are
keyword values. When diff is called on a CSSStyleDeclaration, we check
the keywordSize to see if font-size matches a keyword value.

This ensures that when we diff a CSSMutableStyleDeclaration returned from
copyInheritableProperties on a CSSComputedStyleDeclaration that we
correctly identify matching font-sizes.

Scripts/prepare-ChangeLog: Added --git-index mode to list only the
changes which are already staged in the index. Useful to create an
entry for what you're about to commit while ignoring unstaged changes.

rendering/RenderLayer.h:
Add a new PaintLayerPaintingReflection flag which is set while painting inside
reflections.
(WebCore::RenderLayer::setPaintingInsideReflection):
Add a setter so that RenderLayerBacking can call it.

rendering/RenderLayer.cpp:
(WebCore::shouldDoSoftwarePaint):
Utility to clarify the logic of when a composited layer should do a software paint.

(WebCore::RenderLayer::paintLayer):
Use shouldDoSoftwarePaint() to determine when to software-paint a reflected layer.
Remove transform-related tests from the reflection-painting if test because they appear
to be unnecessary.

If the insertion point is both the begining and ending visible position
then we need to insert at the end instead of the begining, which is what
would normally happen if the insertion point was as the begining.

Introduce a new boolean property to HTMLMediaElement called webkitPreservesPitch for script to control this.

html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::HTMLMediaElement): Currently the platforms that have a flexible pitch preservation
property (Quicktime on Mac and Win) have had it on by default, so continue that default for now.
(WebCore::HTMLMediaElement::loadResource):
(WebCore::HTMLMediaElement::webkitPreservesPitch):
(WebCore::HTMLMediaElement::setWebkitPreservesPitch):

platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
(WebCore::MediaPlayerPrivate::MediaPlayerPrivate):
(WebCore::MediaPlayerPrivate::createQTMovie): Rework to allow recreation of the movie with almost the
exact same attributes as before, with pitch preservation being the difference.
(WebCore::MediaPlayerPrivate::setPreservesPitch): Recreate the QTMovie if the flag actually changes.
(WebCore::MediaPlayerPrivate::updateStates): Restore current time and rate if this is a recreated movie.
(WebCore::MediaPlayerPrivate::timeChanged): Clear the time-to-be-restored, as this callback means it
has been effectively overwritten.

platform/graphics/win/QTMovieWin.cpp:
(QTMovieWinPrivate::QTMovieWinPrivate):
(QTMovieWinPrivate::~QTMovieWinPrivate):
(QTMovieWinPrivate::task): Restore current time and rate if this is a re-created movie.
(QTMovieWin::play): Clear the time-to-be-restored, as this effectively overwrites it.
(QTMovieWin::pause): Ditto.
(QTMovieWin::setRate): Ditto.
(QTMovieWin::setCurrentTime): Ditto.
(QTMovieWin::setPreservesPitch): Recreate the Movie if the flag actually changes.
(QTMovieWin::load): Rework to allow recreation of the Movie with similar state as the movie before it,
but changing the pitch preservation flag.

Simplify the interaction between LocalStorageArea/SessionStorageArea
and StorageArea by creating a "blockUntilImportComplete()" function
rather than bouncing back and forth between the child and parent
classes in a somewhat unintuitive manner.

This patch also paves the way for LocalStorageArea and
SessionStorageArea being merged into one. It's part of several in a
set which are separating syncing (to disk) code from the rest of the
implementation so that local storage and session storage's code can be
unified.

Add setFormContentType and setFormData since it is awkward for Chromium
to use setFormInfoFromRequest to set the underlying members. Also, add
a clearChildren method that Chromium needs. These methods are used as
part of the Chromium code that serializes a HistoryItem for storing in
the browser's session history.

​https://bugs.webkit.org/show_bug.cgi?id=26611
Implement currentThreadStackBase on WINCE by adding a global,
g_stackBase, which must be set to the address of a local variable
by the caller before calling any WebKit function that invokes JSC.

The #include <phonon> header no longer exists. And the <Phonon> or
<Phonon/Phonon> headers have never existed (neither for us nor for the
Phonon sources). You have to select each and every header that you do
want now.

The WindowRef we pass to the plugin refers to the the top level window,
so the x and y positions have to be relative to this position, but we
have to manually compensate for title bar decorations and other parents
of the QWebView since contentsToWindow() only traverses to the QWebView.

Previously we did this compensation when passing on mouse coordinates to
the plugin, which caused various issues with translations such as not
being able to close the Flash settings dialog, or the hand cursor not
appearing over links.

We now do the compensation as part of the call to NPP_SetWindow, and
then pass mouse coordinates in global context without any compensation,
similar to how both Safari and Mozilla does it.

The LiteralParser was making a new UString in order to use
toDouble, however UString's toDouble allows a much wider range
of numberic strings than the LiteralParser accepts, and requires
an additional heap allocation or two for the construciton of the
UString. To rectify this we just call WTF::dtoa directly using
a stack allocated buffer to hold the validated numeric literal.

More important than the tool itself are the Bugzilla, Git and SVN class abstractions
which I hope will allow easy writing of future tools.

The tool currently implements 10 commands, described below.

Helpers for scripting dealing with the commit queue:
bugs-to-commit Bugs in the commit queue
patches-to-commit Patches attached to bugs in the commit queue

Dealing with bugzilla:
reviewed-patches BUGID r+'d patches on a bug
apply-patches BUGID Applies all patches on a bug to the local working directory without committing.
land-and-update BUGID Lands the current working directory diff and updates the bug.
land-patches [options] BUGID Lands all patches on a bug optionally testing them first
obsolete-attachments BUGID Marks all attachments on a bug as obsolete.
commit-message Prints a commit message suitable for the uncommitted changes.

These effectively replace git-send-bugzilla:
post-diff BUGID Attaches the current working directory diff to a bug as a patch file.
post-commits BUGID COMMITISH Attaches a range of local commits to a bug as patch files.

post-diff works for SVN and Git, post-commits only works for SCMs with local-commit support (like Git)

​https://bugs.webkit.org/show_bug.cgi?id=26567
Upstream V8 bindings code generator. With this change, also added interface ancestor
traversal to IDL parser, which is necessary for V8 bindings. The traversal is used
to determine whether an interface is a Node to facilitate proper casting and storage
in V8DOMMap.

Remove 'arguments' field from Register union. Having JSCell derived types in the union is
dangerous since it opens the possibility for the field to be written as a raw pointer but
then read as a JSValue. This will lead to statle data being read for the tag, which may
be dangerous. Having removed Arguments* types form Register, all arguments objects must
always explicitly be stored in the register file as JSValues.

​https://bugs.webkit.org/show_bug.cgi?id=26430
<rdar://problem/6944442> Elements jump around when they become composited (WWDC checkers demo)
<rdar://problem/6989006> Lots of time spent in RenderLayerCompositor::calculateCompositedBounds()

during window resize when using hardware layers

Fix an ordering dependency which caused the compositing position of a layer
to be affected by some later sibling, which affected the compositing ancestor's
composited bounds.

The fix is to only update the compositing positions of layers in some subtree
when updateAfterLayout() has been called on all the layers in that subtree,
from the ancestor down.

Also cache the composited bounds of a RenderLayerBacking, now that we can
guarantee that those bounds are accurate.

In preparation for combining SessionStorage and LocalStorage into a
single StorageManager, move the syncing bits out of LocalStorage and
into its own class.

The next step is to combine LocalStorageArea and SessionStorageArea
into one. Then SessionStorage and LocalStorage can be combined.

Note that combining them will cut down on code paths that must be
proxied, eliminate virtual dispatch, and allow Chromium to (eventually)
write historical sessionStorage to disk when memory is getting tight.

Also remove a couple bits of cruft including code for quotas which is
unnecessary (since a meta-data db is unnecessary since you can just
count bytes as you read the local storage databases into memory).

platform/text/StringImpl.cpp:
(WebCore::StringImpl::ustring): Changed method calling syntax to look less like calling a
static method.
(WebCore::StringImpl::copy): Reverted part of r41917 that caused the problem.

platform/chromium/PopupMenuChromium.cpp:
(WebCore::isCharacterTypeEvent): Added. Check whether the event is a
character type event. "Char" in Windows or "KeyDown" in Mac is character
type event.
(WebCore::PopupListBox::typeAheadFind): Since m_lastCharTime is used to
indicate whether user types multiple characters continuely as a search
prefix or not, it should be only assigned when the event is character
type event.

Put a message in the console that announces that a profile has started,
similar to how a console message announces that a profile has finished.

inspector/InspectorController.cpp:
(WebCore::InspectorController::addProfile): Use renamed function.
(WebCore::InspectorController::addProfileFinishedMessageToConsole):
Renamed.
(WebCore::InspectorController::addStartProfilingMessageToConsole):
New function that logs the message about the profile starting.
(WebCore::InspectorController::startUserInitiatedProfiling): Ditto

inspector/InspectorController.h:

inspector/front-end/ProfilesPanel.js: Print the "run" of the profile's
title if there are multiple profiles, and take into account the fact
that titles are displayed twice as much now.
(WebInspector.ProfilesPanel.prototype.displayTitleForProfileLink):

<rdar://problem/6956606> REGRESSION (S4Beta -> Final): After the password is input,
Japanese can't be input.

WebKit uses a per-frame input context for most editable fields, and application's global
context for password fields, manually controlling secure input state and the list of available
input methods.

We were setting TSMDocument property to disable non-Roman input methods after focus changed
to a password field, but before selection was updated. This resulted in the property being
applied to a wrong TSMDocument in some cases, because TSMGetActiveDocument() uses input
context cached by +[NSApplication updateWindows], we change context based on selection,
not on focus.

page/mac/FrameMac.mm: (WebCore::Frame::setUseSecureKeyboardEntry): Since there is only one
context that we use for password fields - the global one - there is no need to get the active
one.

rendering/RenderObject.cpp:
(WebCore::RenderObject::destroy):
Removed the check for document()->frame(). If frame() is 0 in this code,
then the call to animation() is also incorrect (since it does document()->frame()->animation()).

Fix a crash in case that the QNetworkReply::readReady signal is
"stuck" in deferred mode due to JavaScript alert, and in the meantime,
QNetworkreply::finished signal is received and processed before
QNetworkReply::readReady is processed.